Stop leaking OpenSSL types and defines in the isc/hmac.h
authorOndřej Surý <ondrej@isc.org>
Thu, 12 Mar 2020 08:45:58 +0000 (09:45 +0100)
committerOndřej Surý <ondrej@isc.org>
Thu, 12 Mar 2020 21:22:03 +0000 (22:22 +0100)
The <isc/md.h> header directly included the <openssl/hmac.h> header, which
forced all users of the libisc library to explicitly list the include
path to OpenSSL and link with -lcrypto.  By hiding the specific
implementation in the private namespace, we no longer force this.
In the long run, this might also allow us to switch cryptographic
library implementation without affecting the downstream users.

lib/isc/hmac.c
lib/isc/include/isc/hmac.h

index 4a9c97abc85f86fb528fcb6ae45a4874389629f4..2f186f8df79d37b851e0d2717121e4dd2534bc43 100644 (file)
@@ -25,9 +25,9 @@
 
 isc_hmac_t *
 isc_hmac_new(void) {
-       isc_hmac_t *hmac = HMAC_CTX_new();
+       HMAC_CTX *hmac = HMAC_CTX_new();
        RUNTIME_CHECK(hmac != NULL);
-       return (hmac);
+       return ((struct hmac *)hmac);
 }
 
 void
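Review bot: The cast in `return ((struct hmac *)hmac);` names a `struct hmac` that is not declared in any of the visible lines, while the function returns `isc_hmac_t *`, which the header hunk of this commit turns into `void *`. The statement compiles only because any object pointer converts implicitly to `void *`, so the cast advertises a type the public API does not have. `return (hmac);` or `return ((isc_hmac_t *)hmac);` would match the declared return type and leave nothing for a later reader to go looking for.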
@@ -120,10 +120,8 @@ isc_result_t
 isc_hmac(isc_md_type_t type, const void *key, const int keylen,
         const unsigned char *buf, const size_t len, unsigned char *digest,
         unsigned int *digestlen) {
-       isc_hmac_t *hmac = NULL;
        isc_result_t res;
-
-       hmac = isc_hmac_new();
+       isc_hmac_t *hmac = isc_hmac_new();
 
        res = isc_hmac_init(hmac, key, keylen, type);
        if (res != ISC_R_SUCCESS) {
index 6bff1c6b25ac41cb6d3a56ec036cf9c54df40135..ab349c10f1fddee77f0006b5145fb42b6380a9f9 100644 (file)
@@ -22,9 +22,7 @@
 #include <isc/result.h>
 #include <isc/types.h>
 
-#include <openssl/hmac.h>
-
-typedef HMAC_CTX isc_hmac_t;
+typedef void isc_hmac_t;
 
 /**
  * isc_hmac:
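Review bot: `typedef void isc_hmac_t;` turns every `isc_hmac_t *` parameter into a plain `void *`, so the compiler now accepts any object pointer where an HMAC context is expected, for example the `key` or `digest` buffers that `isc_hmac()` handles next to the context. Such a mix-up would presumably be handed to OpenSSL as an `HMAC_CTX *` without any diagnostic. An opaque forward declaration hides the OpenSSL header just as well and keeps the type check: `typedef struct isc_hmac isc_hmac_t;`, with the conversion to and from `HMAC_CTX *` confined to lib/isc/hmac.c. The doc comment that follows the typedef continues outside the hunk.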